Profiles not appearing after saving the zip file

[cybercuffs]

I saved the Mac 10.10.3 profile zip file in volatility-2.4/volatility/plugins/overlays/mac but when doing vol.py --info, it is not appearing there. Did I miss anything?

[gleeda]

you should see one of the following when doing python vol.py --info:

MacYosemite_10_10_3_14D131x64  - A Profile for Mac Yosemite_10.10.3_14D131 x64
MacYosemite_10_10_3_14D136x64  - A Profile for Mac Yosemite_10.10.3_14D136 x64

^ do you see one of those ?

[gleeda]

(also make sure you are running the same vol.py where you put the profile, just in case you are not running it from within the same folder)

[TofBaasken]

Hello , I seem to have a similar problem , I copied Yosemite_10.10_14A389.zip to the volatility/plugins/overlays/mac folder but the profile does not appear ... But when I tried for example the Lion_10.7.4_Intel.zip it DOES appear in the list ! A small bug ?

[cybercuffs]

I know it works no matter from where we run the vol.py --info as I've made some linux profiles in the past. Still, I tried running it from the same folder where my profile is i.e. volatility-2.4/volatility/plugins/overlays/mac but no luck.

[deeso]

I had some similar issues with overlays not being found on my systems. I found that when I added a .volatilityrc to my home directory, this helped alleviate some path issues. Here is what my config file looks like:

[DEFAULT]
plugins=/research_data/vol_profiles/

HTH.

[gleeda]

@cybercuffs did you try running it from the volatility-2.4 folder ?

[cybercuffs]

I have alias set for it so I can run from any cwd. I deleted the zip and downloaded a fresh copy and it works fine. Though the new copy is of the same size, not sure what went wrong to previous one.

[h8ohmh]

Hi, I still have problems too. It's running under debian 8.6, x86_64 and I tried with the .volatilityrc plugins path stuff but I can't get no Linux plugin id at volatility --info. (Copied the file into that folder) Any Idea?

[DEFAULT] LOCATION=/home/user/.config/volatility/plugins

[gleeda]

So there's an issue with your config file. First the LOCATION variable is for the memory sample, not plugins. Second, the path has to have a file:// prefix. Therefore you would have:

[DEFAULT]
LOCATION="file:///home/user/path/to/mem.dmp"

If you wanted to add the location for a plugins directory, you also have to prefix it with "file://" For example:

[DEFAULT]
LOCATION="file:///Location/to/win7.vmem"
PROFILE=Win7SP1x86
DTB=0x3f4b5160
KDBG=0x82b74c28
PLUGINS="file:///Location/to/extra/plugins/folder"

Notice that you can put any flag variable you want in the config file. If you have a file volatilityrc that can be near where you are invoking vol.py. If you are using .volatilityrc (notice the '.') then you need to make sure that it is in your home directory. Let me know if this helps and I'll close the issue.

[nov3mb3r]

I too have the same problem. When I make a Linux profile in the target machine it appears when i type vol.py --info | grep Linux but when I copy the profile.zip in my investigation machine, with the same command, the profile doesn't appear.